MITRE ATT&CK is a standardised, structured framework for classifying and describing the methods adversaries use to attack systems, based on real-world observations.

Attackers and defenders constantly respond to each other, so what works today might not work tomorrow. MITRE says it works with the community to keep ATT&CK up to date with the ever-changing threat landscape.

This paper introduces ATT&CK and related tools and resources. It also discusses how to make practical use of ATT&CK with a focus on threat hunting and detection.

ATT&CK can help you perform gap analysis of your detection coverage against known malicious behaviour, enhance threat detection, and test detection rules to provide assurance that they work.


Brought to you by LogRhythm and the SASIG.



Download your white paper: Using MITRE ATT&CK™ in Threat Hunting and Detection


Excerpt from "Detection", page 9:

Preventing attackers from using techniques is critical. Implementing detective controls is also important because 1) defence-in-depth requires layered defences against any given threat (rather than putting all your eggs in one basket), and 2) as mentioned earlier, you can't prevent all techniques. To support this, ATT&CK provides extensive guidance on how to detect the use of each technique with the logs and other sources of security analytics at your disposal.
